CVE-2014-3634
rsyslog - security update
EPSS 29.4%
Description
rsyslog before 7.6.6 and 8.x before 8.4.1, and sysklogd 1.5 and earlier, allow remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.
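The bug class behind this CVE is a PRI field used as an array index without a range check. The following is an added example, not rsyslog's or sysklogd's code: a constructed facility table (after RFC 5424 Table 1) with an unchecked decoder beside a hardened one that enforces the 0..191 range before any lookup. Function names and sample lines are assumptions for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define PRI_MAX        191   /* RFC 5424: PRI = facility*8 + severity, facility 0..23 */
#define NUM_FACILITIES 24

/* Constructed facility table following RFC 5424 Table 1 (not rsyslog's own). */
static const char *facility_names[NUM_FACILITIES] = {
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"
};

/* Unchecked decode in the style of the bug class: any digit run is accepted, so
 * "<200>" yields 200 and a later facility_names[200 >> 3] would read past the table. */
int parse_pri_unchecked(const char *msg) {
    if (msg[0] != '<') return -1;
    int pri = 0;
    const char *p = msg + 1;
    while (isdigit((unsigned char)*p)) { pri = pri * 10 + (*p - '0'); p++; }
    return (*p == '>') ? pri : -1;
}

/* Hardened decode: at most three digits and PRI <= 191, so the derived facility
 * index always lies inside the table. Returns -1 for a malformed or out-of-range field. */
int parse_pri(const char *msg, const char **rest) {
    if (msg[0] != '<') return -1;
    int pri = 0, ndigits = 0;
    const char *p = msg + 1;
    while (isdigit((unsigned char)*p)) {
        if (++ndigits > 3) return -1;          /* long digit runs can never be valid */
        pri = pri * 10 + (*p - '0');
        p++;
    }
    if (ndigits == 0 || *p != '>' || pri > PRI_MAX) return -1;
    if (rest) *rest = p + 1;
    return pri;
}

/* Table lookup that refuses anything the hardened parser would not have accepted. */
const char *facility_name(int pri) {
    if (pri < 0 || pri > PRI_MAX) return NULL;
    return facility_names[pri >> 3];
}

int severity(int pri) { return pri & 7; }

int main(void) {
    const char *samples[] = { "<34>Oct 11 22:14:15 host su: ok", "<200>bogus", "<9999>bogus" };
    for (int i = 0; i < 3; i++) {
        int pri = parse_pri(samples[i], NULL);
        printf("%-32.32s -> %s\n", samples[i], pri < 0 ? "rejected" : facility_name(pri));
    }
    return 0;
}
```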
How to fix CVE-2014-3634
To remediate CVE-2014-3634, upgrade the affected package to one of the fixed versions listed below.
- Debian/inetutils—upgrade to 2:1.9.2.39.3a460-1 or later
- Debian/rsyslog—upgrade to 8.4.1-1 or later
- Debian/rsyslog—upgrade to 4.6.4-2+deb6u1 or later
- —upgrade to 5.8.11-3+deb7u1 or later
Is CVE-2014-3634 being exploited?
Moderate — EPSS is 29.4%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 2:1.9.2.39.3a460-1
- from 0, < 8.4.1-1
- from 0, < 4.6.4-2+deb6u1
- from 0, < 5.8.11-3+deb7u1